beautypg.com

Ike authentication with preshared key, Ike authentication with certificates, Miscellaneous parameters – RCA 608WL User Manual

Page 193: Primary untrusted physical interface, Ike exchange mode, Inactivity timeout, Ike security descriptors, Chapter 5

background image

Chapter 5

Expert Configuration

E-DOC-CTC-20041126-0013 v1.0

191

IKE Authentication with

Preshared Key

When you select Use Preshared Key Authentication, the following fields have to be
completed:

Preshared Secret

:

The secret password for the VPN connection. Configure it identically at both
peers (local and remote peer).

Confirm Secret

:

The Preshared Secret value is not shown in clear text. In order to protect from
typing errors, you have to type the key twice.

Local ID Type

and Local ID:

The Local ID identifies the local SpeedTouch™ during the Phase 1 negotiation
with the remote Security Gateway. This identity must match the settings in the
remote Security Gateway.

Remote ID Type

and Remote ID:

The Remote ID identifies the remote Security Gateway during the Phase 1
negotiation. This identity must match the settings in the remote Security
Gateway.

IKE Authentication with

Certificates

When you select Use Certificate Authentication, you have to fill out the
Distinguished Name of the local and remote Certificates.

Miscellaneous

parameters

Comprises the following settings:

Primary Untrusted Physical Interface

IKE Exchange Mode

Inactivity Timeout.

Primary Untrusted

Physical Interface

Influences the behaviour of the VPN connection in case you have a backup physical
interface. Select any if you have no backup interface.

IKE Exchange Mode

Select main mode or aggressive mode. Main mode is more secure while aggressive
mode is quicker.

Inactivity Timeout

When no traffic is detected at the peer for a certain period, all VPN connections to
that peer are closed.

IKE Security

Descriptors

The IKE Security Descriptor bundles the security parameters used for the IKE
Security Association (Phase1).
Pre-configured Security Descriptors can be selected from a list. Select one that
complies with the IKE security parameters configured in the remote Security
Gateway.

If you encounter problems during the IKE negotiations, use the Debug >
Logging

page to verify that the Identity Type and Identity of the two peer

Security Gateways correspond with each other.

The contents of the IKE Security Descriptors can be verified via Advanced >
Peers > Security Descriptors

.

This manual is related to the following products:
See also other documents in the category RCA Hardware: